Eric Renfro
402420472e
This includes a bug fix found in the ipv6 agent for AWS SG's, along with better IPv6 detection to get the current active source IPv6 address.
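#!/bin/bash

# Internal Initialization
#
# Sources the shared function library and any per-agent configuration, then
# checks that everything the update step needs is present.
#
# Exit codes used in this section:
#   99 - required configuration (security group ID or AWS settings) missing
#   98 - current/previous IP not supplied by the caller

# NOTE(review): logerr, log, valid_ipv4, valid_ipv6 and getIPv6Prefix are not
# defined in this file; presumably they come from DIP_FUNCTIONS. Confirm.
source "${DIP_FUNCTIONS}"

# Optional per-agent configuration. `source` executes these files as shell
# code with this script's privileges, so they must be writable only by a
# trusted account.
# NOTE(review): presumably these files also carry the AWS_* credentials
# checked below; if so they should not be world-readable. Confirm.
if [[ -r "${DIP_BASE_DIR}/conf.d/${DIP_AGENT_NAME}.conf" ]]; then
  source "${DIP_BASE_DIR}/conf.d/${DIP_AGENT_NAME}.conf"
fi

if [[ -r "${DIP_BASE_DIR}/conf.d/${DIP_AGENT_EXEC}.conf" ]]; then
  source "${DIP_BASE_DIR}/conf.d/${DIP_AGENT_EXEC}.conf"
fi

if [[ -z "$agent_aws_sg_id" ]]; then
  logerr "ERROR: Need 'agent_aws_sg_id' to be defined to your Security Group ID"
  exit 99
fi

# Disabled: file-based AWS configuration under ${DIP_BASE_DIR}/aws. Kept for
# reference; the environment-variable check below is what is active.
#if [[ -d "${DIP_BASE_DIR}/aws" ]]; then
#    if [[ ! -r "${DIP_BASE_DIR}/aws/config" ]]; then
#        logerr "ERROR: AWS config file not found: '${DIP_BASE_DIR}/aws/config'"
#        exit 99
#    elif [[ ! -r "${DIP_BASE_DIR}/aws/credentials" ]]; then
#        logerr "ERROR: AWS credentials file not found: '${DIP_BASE_DIR}/aws/credentials'"
#        exit 99
#    else
#        export AWS_CONFIG_FILE="${DIP_BASE_DIR}/aws/config"
#        export AWS_SHARED_CREDENTIALS_FILE="${DIP_BASE_DIR}/aws/credentials"
#    fi
#else
#    logerr "ERROR: AWS config directory not found. '${DIP_BASE_DIR}/aws/' is expected to exist and contain 'config' and 'credentials' for AWS access."
#    exit 99
#fi

# All three settings are required. The message previously left out
# AWS_DEFAULT_REGION and was written with echo instead of logerr, so a missing
# region was reported misleadingly and bypassed the error log.
# NOTE(review): the aws CLI runs as a child process and only sees these values
# if they are exported; confirm the conf file or the caller exports them.
if [[ -z "$AWS_ACCESS_KEY_ID" || -z "$AWS_SECRET_ACCESS_KEY" || -z "$AWS_DEFAULT_REGION" ]]; then
  logerr "ERROR: AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY and AWS_DEFAULT_REGION need to be set"
  exit 99
fi

if [[ -z "$DIP_CUR_IP" || -z "$DIP_OLD_IP" ]]; then
  logerr "ERROR: Agent expects currentip, and existingip."
  exit 98
fi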
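# Main

# IPv4: swap the /32 ingress rule for the previous address with one for the
# current address.
#
# NOTE(review): IpProtocol "-1" admits every protocol and port from the
# address. If only specific services need to be reachable, narrow the
# permission to those ports.
if valid_ipv4 "$DIP_CUR_IP"; then
  if [[ "$DIP_CUR_IP" == "$DIP_OLD_IP" ]]; then
    log "No changes required."
  else
    log "Updating Security Group IP"

    # DIP_OLD_IP is interpolated into a JSON document, so it must pass the
    # same validation as DIP_CUR_IP before it is used.
    if valid_ipv4 "$DIP_OLD_IP"; then
      # A failed revoke leaves the old address with full access to the group,
      # so it is reported instead of being ignored. The run still continues,
      # since the old rule may simply not exist yet.
      if ! aws ec2 revoke-security-group-ingress \
        --group-id "${agent_aws_sg_id}" \
        --ip-permissions "[{\"IpProtocol\": \"-1\", \"IpRanges\": [{\"CidrIp\": \"${DIP_OLD_IP}/32\"}]}]"; then
        logerr "WARNING: Could not revoke ingress for '${DIP_OLD_IP}/32'; a stale rule may remain in '${agent_aws_sg_id}'."
      fi
    else
      logerr "WARNING: Previous IP is not a valid IPv4 address; skipping revoke."
    fi

    # Report a failed authorize through the exit status so the caller does not
    # treat the security group as updated.
    aws ec2 authorize-security-group-ingress \
      --group-id "${agent_aws_sg_id}" \
      --ip-permissions "[{\"IpProtocol\": \"-1\", \"IpRanges\": [{\"CidrIp\": \"${DIP_CUR_IP}/32\"}]}]"
    rc=$?
    if (( rc != 0 )); then
      logerr "ERROR: Failed to authorize ingress for '${DIP_CUR_IP}/32' (aws exit status ${rc})"
      exit "$rc"
    fi
  fi
fi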
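# IPv6: swap the ingress rule for the previous prefix with one for the
# current prefix.
#
# NOTE(review): getIPv6Prefix is defined outside this file; presumably it
# returns a CIDR string suitable for CidrIpv6. Confirm the prefix length,
# because together with IpProtocol "-1" the rule admits all traffic from every
# host in that prefix.
if valid_ipv6 "$DIP_CUR_IP"; then
  currentprefix=$(getIPv6Prefix "$DIP_CUR_IP")

  # Only derive a prefix from DIP_OLD_IP once it validates; the result is
  # interpolated into a JSON document further down.
  existingprefix=""
  if valid_ipv6 "$DIP_OLD_IP"; then
    existingprefix=$(getIPv6Prefix "$DIP_OLD_IP")
  fi

  if [[ -z "$currentprefix" ]]; then
    logerr "ERROR: Could not determine the IPv6 prefix for '${DIP_CUR_IP}'"
    exit 1
  fi

  if [[ "$currentprefix" == "$existingprefix" ]]; then
    log "No changes required."
  else
    log "Updating Security Group IPv6"

    if [[ -n "$existingprefix" ]]; then
      # A failed revoke leaves the old prefix with full access to the group,
      # so it is reported instead of being ignored. The run still continues,
      # since the old rule may simply not exist yet.
      if ! aws ec2 revoke-security-group-ingress \
        --group-id "${agent_aws_sg_id}" \
        --ip-permissions "[{\"IpProtocol\": \"-1\", \"Ipv6Ranges\": [{\"CidrIpv6\": \"${existingprefix}\"}]}]"; then
        logerr "WARNING: Could not revoke ingress for '${existingprefix}'; a stale rule may remain in '${agent_aws_sg_id}'."
      fi
    else
      logerr "WARNING: Previous IP is not a valid IPv6 address; skipping revoke."
    fi

    # Report a failed authorize through the exit status so the caller does not
    # treat the security group as updated.
    aws ec2 authorize-security-group-ingress \
      --group-id "${agent_aws_sg_id}" \
      --ip-permissions "[{\"IpProtocol\": \"-1\", \"Ipv6Ranges\": [{\"CidrIpv6\": \"${currentprefix}\"}]}]"
    rc=$?
    if (( rc != 0 )); then
      logerr "ERROR: Failed to authorize ingress for '${currentprefix}' (aws exit status ${rc})"
      exit "$rc"
    fi
  fi
fi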